Skip to Content
© G0d4ather | Dreamstime.com
Security & privacy

Malware alert: Avoid this fake workers’ compensation phishing attack

There’s quite a bit to worry about when it comes to safety on the web. Malware, phishing, hacking — these are all real threats to contend with when you’re opening web pages, downloading files, sharing documents or even checking your email.

It seems like there’s always a new threat, too. Tons of new scams have been identified in recent months, giving us plenty to be on the lookout for. Take, for example, these three email scams which were hitting people’s inboxes last month. Those are just a few of the issues we’ve seen lately.

And, yet another phishing attack was identified recently that you need to be aware of. And this one is a doozy. Keep reading for telltale signs you’re being phished and how to avoid falling victim.

No…don’t release the Kraken

According to Malwarebytes, Kraken is a new fileless attack technique that preys on people under the guise of offering information on workers’ compensation rights. If the malware associated with this phishing attack gets into your computer system, it can mean big trouble.

The Kraken attack starts with a phishing email with the subject line “Your Right to Compensation” — which supposedly contains information on workers’ compensation rights. But it’s much more devious. It also contains a lure phishing document called “Compensation manual.doc,” which is packaged in a .ZIP file.

The document claims to be encrypted and requests you enable editing to access it. If granted access, the victim is taken to a website where a malicious macro directly injects fileless malware into the computer’s Windows Error Reporting (WER) system.

The WER system is used because it makes the attack difficult to detect and keeps it from arousing suspicion. It also makes it tough to identify for the people who’ve been infected.

Related: 5 scams spreading online that could cost you thousands

“That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows features, or applications happens,” Malwarebytes stated in a recent blog. “When victims see WerFault.exe running on their machine, they probably assume that some error happened, while in this case they have actually been targeted in an attack.”

This phishing attack was first identified last month. While researchers know how this new phishing attack works, they aren’t sure who’s behind it. It appears to have originated in Vietnam, but no other information on motive is available.

Simple ways to protect against phishing

What we do know, however, is the malware from this phishing attack is tough to identify after it has been injected into your computer. You can still take steps to avoid that happening in the first place, though. Start by avoiding any emails that claim to have workers’ comp information that you haven’t explicitly asked for.

Don’t download, open, or grant editing access to any documents within emails, either. That’s how this one is infecting computers, and it’s how many before it have, too.

And if you notice WerFault.exe running on your machine, it’s likely you’ve already been targeted by an attack, so you need to take steps to remedy the issue. That includes installing antivirus and anti-malware software. Tap or click here for the best antivirus programs for PC and Mac.

There are other ways to avoid phishing campaigns, too, including:

  • Be careful when opening emails from ANY unknown senders. You should obviously avoid emails about workers’ comp, but you should also avoid emails that look suspicious or emails from senders who you don’t know. Opening an email won’t normally infect your computer, but links or attachments within could cause issues.
  • Don’t click links found in unsolicited emails. If you open emails from unknown senders, don’t click on the links. Clicking on links is a sure-fire way to end up on a malicious site. You can hover over the link to see what the URL is — and this should give you an idea of whether or not it’s a real site you want or need to visit.
  • Don’t download attachments. If you aren’t expecting an email with an attachment but receive one, contact the sender if you know them. If you don’t know them, don’t download it.
  • Use reputable antivirus software and run regular scans. Doing so will help protect you from issues like these — or at least help you catch them before they cause a major headache down the road.

Follow these simple precautions and you won’t have to worry about becoming a victim of a clever phishing attack. With just a little know-how you can outsmart even the most devious cybercriminals.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment within the Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the Tech Forum.

Join Now